DRM – The conundrum for protecting intellectual property

DRM or Digital Rights Management is often misinterpreted as a means of restricting consumer choice and forcing customer loyalty through electronic means. It’s had a bad rap if truth be told and it’s resurgence in current or future guises is now more likely than ever. The arrival of 3D printing and the possibility (in theory) of refrigerator sized “matter assemblers” which build items one molecule at a time are now, more than ever, on the way to becoming more science fact than science fiction.

What will this mean? Well it means that manufacturing of “something” will no longer be the hardest part. The element you will need to pay for will be the plans or blueprints of the something you want to build. These instructions, which currently are out there for free on the internet will allow someone at home to create small colourful items which appear little bit by little bit before their very eyes. The objects that are being created are the Duplo™ version of this new technology.

Future tech will see foods, complex machines and even possibly spare body parts being constructed one molecule at a time in a giant “bio printers”. And like CAD drawings or architectural plans there will be someone or some company that wishes to keep its intellectual property (IP) safe from trivial copy or theft.

That being said there are issues with DRM:

1. Many companies don’t understand the theories used so adapt other solutions in the belief that they are secure. Sometimes they are but only for the purpose to which they were designed and modification just weakens them.
2. You have to give the encryption key to the user at some point for them to be able to use the information. If the user is a good guy he won’t abuse it. If he’s not such a good guy he may wish to profit from it in some manner.
3. People distrust DRM because of prior… let’s call them abuses… by larger entities who have used DRM to enforce other forms of marketing or forced obsolescence.
4. Few understand encryption and many think that if something is encrypted it is always “safe”. In some cases this is true, in others it is not. I could spend weeks talking about maths in this element but let suffice to say not all locks are as safe as others.
5. If the solution applied prevents the bad guys from copying your IP but also stops the consumer from consuming your product then it’s failed before it starts.

So what is the solution?

Well there are multiple approaches all of which have flaws in one way or another. It’s popularly accepted now that out and out prevention is harder and less productive than a perceived threat of being caught if you do stick your hands in the cookie jar.

Elements such as watermarking or hidden metadata that fingerprints the data to the consumer are both viable options, but nothing is fool proof (and I’d be loath to say there ever will be a fool proof method). So protecting your IP is very akin to protecting your network. There are many forms of attack and each must be assessed for risk and appropriate safeguards applied.

I have had developers state that “it’s impossible to break this”, only to have to eat humble pie some days later when they discover that little is impossible, just highly improbable (and really not all that highly improbable). We forget the fundamental “onion” approach to IT security. Layers of security applied over each other so that any attacker must know more than a single element and have multiple tools in their arsenal. It’s still not ever going to be 100% secure but it will stop the vast majority of people.

So if you are using some form of protection or DRM on your IP make sure you understand it. Apply multiple forms of protection commensurate with the value of what you are trying to protect. Make sure it applies the rules of authentication, verification, data integrity and availability as well as having the ability trace to the point of “sale” or creation so that you can identify anyone who actively breaches it and above all… make it transparent to users.

Nothing upsets a consumer more than knowing they don’t own what they think they own. And lastly, never underestimate human ingenuity and curiosity. Hackers aren’t born, they learn their trade through an open mind and a will to solve a complex problem. Don’t create a solution and then believe you won’t have to reconsider it again.

DRM – because whatever you are trying to protect, is worth it. ;-)